Blogroll | Communications of the ACM

From Schneier on Security

Security Analysis of Apple’s “Find My…” Protocol

Interesting research: “Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System“: Abstract: Overnight, Apple has... Bruce Schneier
From Schneier on Security | March 9, 2021 at 03:50 PM

From Schneier on Security

Metadata Left in Security Agency PDFs

Really interesting research: “Exploitation and Sanitization of Hidden Data in PDF Files” Abstract: Organizations publish and share more and more electronic documents... Bruce Schneier
From Schneier on Security | March 9, 2021 at 03:45 PM

From Schneier on Security

Fast Random Bit Generation

Science has a paper (and commentary) on generating 250 random terabits per second with a laser. I don’t know how cryptographically secure they are, but that can... Bruce Schneier
From Schneier on Security | March 9, 2021 at 03:42 PM

From Schneier on Security

On Not Fixing Old Vulnerabilities

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to... Bruce Schneier
From Schneier on Security | March 5, 2021 at 04:18 PM

From Schneier on Security

Friday Squid Blogging: Squid Cartoon

Squid ink. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here... Bruce Schneier
From Schneier on Security | March 5, 2021 at 04:15 PM

From Schneier on Security

Hacking Digitally Signed PDF Files

Interesting paper: “Shadow Attacks: Hiding and Replacing Content in Signed PDFs“: Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee... Bruce Schneier
From Schneier on Security | March 5, 2021 at 04:13 PM

From Schneier on Security

No, RSA Is Not Broken

I have been seeing this paper by cryptographer Peter Schnorr making the rounds: “Fast Factoring Integers by SVP Algorithms.” It describes a new factoring method... Bruce Schneier
From Schneier on Security | March 5, 2021 at 11:48 AM

From Schneier on Security

Four Microsoft Exchange Zero-Days Exploited by China

Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. Bruce Schneier
From Schneier on Security | March 4, 2021 at 02:03 PM

From Schneier on Security

Encoded Message in the Perseverance Mars Lander’s Parachute

NASA made an oblique reference to a coded message in the color pattern of the Perseverance Mars Lander ‘s parachute. More information. Bruce Schneier
From Schneier on Security | February 26, 2021 at 02:35 PM

From Schneier on Security

Chinese Hackers Stole an NSA Windows Exploit in 2014

Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated)... Bruce Schneier
From Schneier on Security | February 25, 2021 at 03:27 PM

From Schneier on Security

National Security Risks of Late-Stage Capitalism

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company... Bruce Schneier
From Schneier on Security | February 25, 2021 at 03:23 PM

From Schneier on Security

Friday Squid Blogging: Vampire Squid Fossil

A 30-million-year-old vampire squid fossil was found, lost, and then re-found in Hungary. As usual, you can also use this squid post to talk about the securityhere... Bruce Schneier
From Schneier on Security | February 25, 2021 at 03:12 PM

From Schneier on Security

Friday Squid Blogging: On SQUIDS

A good tutorial: But we can go beyond the polarization of electrons and really leverage the electron waviness. By interleaving thin layers of superconducting and... Bruce Schneier
From Schneier on Security | February 25, 2021 at 03:12 PM

From Schneier on Security

Mysterious Macintosh Malware

This is weird: Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however... Bruce Schneier
From Schneier on Security | February 23, 2021 at 03:09 PM

From Schneier on Security

Threat Model Humor

At a hospital. Bruce Schneier
From Schneier on Security | February 23, 2021 at 03:05 PM

From Schneier on Security

The Problem with Treating Data as a Commodity

Excellent Brookings paper: “Why data ownership is the wrong approach to protecting privacy.” From the introduction: Treating data like it is property fails to recognize... Bruce Schneier
From Schneier on Security | February 22, 2021 at 03:31 PM

From Schneier on Security

On Chinese-Owned Technology Platforms

I am a co-author on a report published by the Hoover Institution: “Chinese Technology Platforms Operating in the United States.” From a blog post: The report suggests... Bruce Schneier
From Schneier on Security | February 18, 2021 at 03:20 PM

From Schneier on Security

Twelve-Year-Old Vulnerability Found in Windows Defender

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used... Bruce Schneier
From Schneier on Security | February 18, 2021 at 03:19 PM

From Schneier on Security

Dependency Confusion: Another Supply-Chain Vulnerability

Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files... Bruce Schneier
From Schneier on Security | February 18, 2021 at 03:18 PM

From Schneier on Security

GPS Vulnerabilities

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives. The 2018 National... Bruce Schneier
From Schneier on Security | February 18, 2021 at 03:18 PM